This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- From: "bugeaud at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 28 May 2010 22:11:34 -0000
- Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- References: <20100528162846.11643.bugeaud@gmail.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From bugeaud at gmail dot com 2010-05-28 22:11 -------
My understanding is that, when AT_SECURE is set it is up to the glibc to decide
what to do with it, and as in the example given UID=EUID there is no superuser
escalation possible. So $ORIGIN chould be safe, as the only extra feature granted
on the process is set using the capabilities (file system level granted by root)
and no other capabilities can be added by the user.
In that context, this means that when AT_SECURE is set glibc should perform its
own check. Something like : if EUID==UID then grantOriginEscaping else
forbidOriginEscaping
--
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
http://sourceware.org/bugzilla/show_bug.cgi?id=11643
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.